Guild Wars 2

Hello, since the patch, I been getting emails saying that I requested a change in my password, which I have not done so. I feel as if someone is trying to hack my GW2 account through hacking my email. Is that possible? As a precaution I changed my GW2 to a strong password, and soon will change my email password also. Any way to prevent people from finding out my email?

Your email is likely hacked….change your email PW NOW!

First you need to make SURE you account and email are secure and then check your account to see if anything has been taken, etc. (to see if you need an account rollback).

Most email providers will allow you to set up proxy email addresses that you can then use to associate your GW2 account with (or set up a completely separate email address for JUST GW2 account). Also, NEVER EVER use a password you have ever used at another website for any other sites. This is likely how your email account was compromised to begin with.

There are plenty of threads around here about how to secure your account better.

There is a Sticky at the top of the front page of this sub-forum about Account Security that you can read for more information. Good luck.

Ok it’s not just me then. I’m also getting reset requests and even a blocked log in attempt. Changed my password and I’m fairly sure I don’t have a key logger as my PC scans itself every night unless it’s a something brand new that the security guys don’t know about yet.

I’ve also received a few password reset requests, except only tonight while I was at work. When I returned home I discovered my account had been cleaned out. Already in touch with support to resolve the issue on the access information side of it and currently making sure my PC is clean of any keylogger. Except whoever requested those resets actually succeeded in changing my account’s password and I had to go get it back before confirming it had been hacked indeed, also had a creepy blank message in-game from someone I had never met…
Also had 2 US IPs registered in my account’s log once I got into the GW2 website, from different states so either my account’s information is being shared by whoever breached it or I was targetted by someone who actually knows what he/she is doing.

This is exactly why I don’t like the recent trend of games to use your email address as your login name.

I was getting GW Password Reset requests a few days prior to losing access to my account last Saturday. Unfortunately, it took GW support 5 days to finally get around to me. They reset my account this morning, I lost all my Gems, Gold, and a lot of gear and inventory.
Thoughts: After heartbleed was announced I reset my email password, along with a lot of others passwords just to be safe and increased their overall strength. I actively scan with Norton AV every couple days and used a dedicated password for GW2. Regardless, who or whatever still got into my account.
As of 9:00am I have received 12 GW Password Reset Requests. How could this be? Can you change your e-mail associated with your account? I have to end this madness! Will I get my Gems and other stuff back??

GLiDeR.6703:

I was getting GW Password Reset requests a few days prior to losing access to my account last Saturday. Unfortunately, it took GW support 5 days to finally get around to me. They reset my account this morning, I lost all my Gems, Gold, and a lot of gear and inventory.
Thoughts: After heartbleed was announced I reset my email password, along with a lot of others passwords just to be safe and increased their overall strength. I actively scan with Norton AV every couple days and used a dedicated password for GW2. Regardless, who or whatever still got into my account.
As of 9:00am I have received 12 GW Password Reset Requests. How could this be? Can you change your e-mail associated with your account? I have to end this madness! Will I get my Gems and other stuff back??

You can change the email associated with your account, and request an Account Restoration by submitting a request to CS. https://help.guildwars2.com/home
Good luck.

Here’s a tip I give some people, you definitely want a different password for everything but how do you remember all that? Here’s a tip: let’s say your usual password is hello123, well replace your email password with emailhello123, and your gw2 password with gw2hello123. Then you have individually different passwords for every account, but it’s still easy for you to remember.

Brewergamer, interesting. I use a generator, all my passwords utilize a 12 to 24 code and are alpha, numeric, symbolic.
Inculpatus cedo: I have an open ticket, thanks for the link but I’ve gotten to know it well in the last 5 days.

GLiDeR.6703:

Brewergamer, interesting. I use a generator, all my passwords utilize a 12 to 24 code and are alpha, numeric, symbolic.
Inculpatus cedo: I have an open ticket, thanks for the link but I’ve gotten to know it well in the last 5 days.

Splendid! Did you read the Knowledge Base articles at that link? They answer many of the questions, and offer advice. Good luck. =)

I have scanned for viruses, malware, adware, all the above and nothing. My pc is up to date and clean. I changed my email and Gw2 account passwords, each unique. My account has not been hacked (yet) I use my email for youtube, and on GW2 Guru forums. I am wondering it people are skimming adresses.

Also during beta, I used my hotmail account to get a second account for my laptop. I never did anything with it after beta, and noticed password reset requests in my junk mail.
My password is autosaved on my PC. I never type it in, so a keylogger would not work against that.

Linfang.1087:

My password is autosaved on my PC. I never type it in, so a keylogger would not work against that.

Good sir. Where do you think they save those passwords?

I’ve gotten a few of these over the past few weeks as well. Fortunately, it doesn’t appear that the password on my account has ever been successfully changed, nor were there any signs of illicit login (no missing stuff). The attempt wasn’t successful, and I don’t believe any of these attempts are due to your system, e-mail account, or anything else having already been hacked. I’d guess they’ve either somehow found out that your e-mail address has a GW2 account or they’ve just acquired a large list of e-mail addresses from somewhere and they’re trying to reset all or a lot of them to see which of them work. They would need to do the reset attempt and then somehow hack your e-mail (password reset or whatever) — which isn’t that far-fetched if you don’t have great security on your e-mail. My advice is to set up the Google Authenticator (2 factor authentication) on GW2 and then have your account associated with a GMail account on which you also have 2 factor authentication (SMS or Google Authenticator). Implement every possible security feature — security questions, require SMS to recover account, etc. They won’t be able to do much even if they get the password without also having your authenticator and/or mobile phone.

Oh, and on those security questions: don’t answer with real info. Make something up and keep a record of what answers you made up. For example, if a security question is “Where did you graduate from high school?”, don’t answer it honestly. The answer could be found with a bit of research on your name. Answer it with something like “Metropolitan Museum of Art”.

I have seen phishing reset emails also. Be careful.

I’ve been having said problems for a few months now. First come the reset password emails, then the authentication requests (even though I NEVER reset my password in the face of a clear phishing attempt!).

At first I just ignored them, and then submitted a ticket when one day I could no longer log into the game or my account. My password was changed by the Support people. The emails discontinued for a short while but then started coming again. This time around I finally regained access to the game (with the help of Support) only to find all my gems and money gone, and my main completely without gear and weapons. After the third reset password/authentication attack I asked the Support to change my email in case the old one had been hacked as well. This was done, and YET AGAIN after a short while I started receiving those emails again, this time to my new address. I know this time they could just be phishing emails. I really, really hope so. We’ll see how this develops.

For now I can still log in to my account and game, but really I’m just waiting for the account to be hacked once again since it’s happened twice already. I have set up the mobile authenticator but I don’t know if that’s of any help.

How in the world is this possible. I’m losing faith here.

Most likely cause is your email account is hacked. If an email from YOUR email account connected to GW2 comes into support requesting a password change, they assume it is legit and change the password. The hacker can easily cover their tracks in your email account so you never realize they are talking to GW Support. The hacker will likely do everything possible to make sure you don’t realize they have hacked your email.

Change your email password and consider abandoning that email account entirely. Most email providers allow some sort of indication if who has connected to your email account recently (so you can look for a hack), but I’m not 100% sure I would trust this information (my Yahoo run account was hacked (I have proof of it from Anet support) and their tools did not indicate any hacking).

BTW, if you have ever gotten a “How was your Anet Support experience?” email, (and you haven’t recently opened a ticket yourself) that is a sure sign something is up and it’s likely your email hacked.